One or more optional query parameters, in the form name=value, that
will be added to the ACS URL when redirecting to the destination site.
In the case of POST profile, these parameters will be included as form
variables when using the default POST form. If a custom POST form is
in use, the parameters will be made available as a Map of names and
values, but the form may or may not constructed to include the
parameters in the POSTed data..

The alias of the SSL client certificate trusted for this relying
party to connect to the ARS. If set, the destination site must use
this certificate to connect to the ARS. You must also add this
certificate to the registry of trusted certificates for this SAML
Credential Mapping provider.

A time factor you can use to allow the Credential Mapper to
compensate for clock differences between the source and destination
sites. The value is a positive or negative integer representing
seconds.

Normally, an assertion is valid from the NotBefore time, which
defaults to (roughly) the time the assertion was generated, until the
NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive).
However, the source site and the destination site may have minor
differences in their clock settings. The Time To Live offset value is
a positive or negative integer indicating how many seconds before or
after "now" the assertion's NotBefore should be set to. If you set a
value for the Assertion Time To Live Offset, then the assertion
lifetime is still calculated as (NotBefore + TimeToLive), but the
NotBefore value is set to (now + Assertion Time To Live Offset). So,
an assertion might have a two minute (120 second) lifetime that starts
thirty seconds ago, or starts one minute from now. This allows the
Credential Mapper to compensate for clock differences between the
source and destination sites.